Multiple Login and session tracking

Results 1 to 3 of 3

Thread: Multiple Login and session tracking

  1. #1
    Join Date
    Dec 1969

    Default Multiple Login and session tracking

    Hi All,<BR><BR>i have problem with concurrent login. Though this topic is discussed, i could not fing there <BR>clear solution. <BR><BR>My requierement is , the website should not allow multiple login. That means if a one user<BR>logs in , same userID cannot be used to login from some other m/c . <BR><BR>Though i have handled this situation by setting session expiry priod. But what if he closes browser without graceful logout? I have s<BR>t0 600 secs. In this case user has to wait till those remaining seconds complete. and session<BR>completes. <BR><BR>There&#039;s one solution i.e bind the remote IP as one of session variable. But ,<BR>1. What if user connects to my site through proxie server? is there any way to get remote Addr<BR> if user connects tthough proxy. req.getRemoteAddr() and getRmoteHost() gives IP of proxy server.<BR>2. What if user connects to my site through dial up and link goes down . User closes browser <BR> when he reconnects in between the max session expiry time ISP may assign new IP to user.<BR><BR>If anyone has already got the soln or refer some of the link would be helpful.<BR><BR>Thanks in advance <BR>

  2. #2
    Join Date
    Dec 1969

    Default Are you using a DB?

    Are you holding logins (usernames/passwords) in a DB?<BR><BR>Well, you could save the valid session ID of each login in the database. Then on each page you can easily check to see if the session ID of the user is that stored in the DB. It means an extra DB connection on each page, though.<BR><BR>However, you can then use this to prevent multiple logins. When a user logs in, the session ID in the DB for that login is overwritten. That means that when the first person tries to request a subsequent page, it&#039;ll fail the check and log them out...<BR><BR>Craig.

  3. #3
    Join Date
    Dec 1969

    Default RE: Are you using a DB?

    but if the person never logout properly from the system. Would the system consider the person to be login the next time?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts